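#coding=utf8
"""Count failed-logon events (Security log, event ID 4625) since the last boot.

Reads a Windows event log through pywin32, counts the records generated at or
after the machine's boot time whose event ID matches, and prints an alert
report built with the ``_utils.patrol2`` helpers.
"""
from __future__ import print_function

import datetime
import platform
import sys
import traceback

import psutil
import win32con
import win32evtlog
import win32evtlogutil
import winerror

try:
    from _utils.patrol2 import run_cmd, data_format, report_format
except ImportError:
    # Only a missing module is tolerated here; main() checks for the
    # placeholders and exits instead of failing later with a NameError.
    print('no module _utils')
    data_format = report_format = None

# Windows Security-log event ID "An account failed to log on".
FAILED_LOGON_EVENT_ID = 4625

# Format passed to PyTime.Format() and back into strptime().  Fixing it
# explicitly avoids the locale-dependent default of Format(), which the
# original strptime("%m/%d/%y %H:%M:%S") could not parse on other locales.
_TIME_FMT = "%Y-%m-%d %H:%M:%S"


def getAllEvents(server, logtypes, time_flag, event_id=FAILED_LOGON_EVENT_ID):
    """Return the number of matching events in all *logtypes* since *time_flag*.

    Args:
        server: machine name, or ``None`` for the local machine.
        logtypes: iterable of event-log names, e.g. ``["Security"]``.
        time_flag: naive local ``datetime``; only events generated at or
            after it are counted.
        event_id: event ID to count (default 4625, failed logon).

    Returns:
        int: total over all log types; ``0`` when *logtypes* is empty.
    """
    # Sum over the logs instead of keeping only the last log's count, and stay
    # defined for an empty list (the original raised NameError there).
    return sum(getEventLogs(server, logtype, time_flag, event_id=event_id)
               for logtype in logtypes)


# ----------------------------------------------------------------------
def getEventLogs(server, logtype, time_flag, logPath=None,
                 event_id=FAILED_LOGON_EVENT_ID):
    """Count records with ID *event_id* in *logtype* generated at or after *time_flag*.

    Args:
        server: machine name, or ``None`` for the local machine.
        logtype: event-log name ("Security", "System", "Application", ...).
        time_flag: naive local ``datetime`` lower bound (inclusive).
        logPath: unused; kept so existing callers keep working.
        event_id: event ID to count; a numeric string is accepted too.

    Returns:
        int: number of matching records.

    Exits the process with status 1 after printing the traceback when the log
    cannot be opened or read (for the Security log this usually means the
    process lacks the required privilege).
    """
    print("Logging %s events" % logtype)
    event_id = int(event_id)
    flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
    count = 0
    try:
        hand = win32evtlog.OpenEventLog(server, logtype)
        try:
            total = win32evtlog.GetNumberOfEventLogRecords(hand)
            print("Total events in %s = %s" % (logtype, total))
            # Each ReadEventLog call returns the next batch, newest first; an
            # empty batch means the whole log has been read.  The first batch
            # is consumed inside the loop -- the original read it before the
            # loop and threw it away, silently dropping the most recent
            # (and for failed-logon monitoring the most relevant) records.
            while True:
                events = win32evtlog.ReadEventLog(hand, flags, 0)
                if not events:
                    break
                for ev_obj in events:
                    the_time = datetime.datetime.strptime(
                        ev_obj.TimeGenerated.Format(_TIME_FMT), _TIME_FMT)
                    if the_time < time_flag:
                        # Older than the cut-off.  Skip rather than stop:
                        # record order is not guaranteed to be monotonic in
                        # TimeGenerated (e.g. after a clock change).
                        continue
                    # HRESULT_CODE keeps the low 16 bits, i.e. the event ID
                    # without the severity/facility bits.
                    if winerror.HRESULT_CODE(ev_obj.EventID) == event_id:
                        count += 1
        finally:
            # Never leaked in the original; the handle was simply never closed.
            win32evtlog.CloseEventLog(hand)
    except Exception:
        traceback.print_exc()
        sys.exit(1)
    return count


def get_start_time():
    """Return the machine's boot time as a naive local ``datetime``."""
    return datetime.datetime.fromtimestamp(psutil.boot_time())


def main():
    """Count failed logons since boot on the local machine and print the report."""
    time_flag = get_start_time()
    print(time_flag)
    server = None  # None = local machine
    logTypes = ["Security"]  # "System", "Application",
    result = getAllEvents(server, logTypes, time_flag)
    if data_format is None or report_format is None:
        # Report helpers did not import; still surface the number, then fail.
        print("failed logon events since boot: %s" % result)
        sys.exit(1)
    alert = 1 if result else 0
    hostname = platform.node()
    report = data_format('登陸失敗次數', result, alert)
    reports = report_format(hostname, report, is_json=True)
    print(reports)


if __name__ == "__main__":
    main()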